[Snyk] Upgrade @eslint/js from 9.17.0 to 9.18.0

[Sec32fun32]

Snyk has created this PR to upgrade @eslint/js from 9.17.0 to 9.18.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released 21 days ago.

Release notes

Package name: @eslint/js

• 9.18.0 - 2025-01-10
  

  Features

  • e84e6e2 feat: Report allowed methods for no-console rule (#19306) (Anna Bocharova)
  • 8efc2d0 feat: unflag TypeScript config files (#19266) (Francesco Trotta)
  • 87a9352 feat: check imports and class names in no-shadow-restricted-names (#19272) (Milos Djermanovic)

  Bug Fixes

  • da768d4 fix: correct overrideConfigFile type (#19289) (Francesco Trotta)

  Documentation

  • d9c23c5 docs: replace var with const in rule examples (#19325) (Tanuj Kanti)
  • 8e1a898 docs: add tabs to cli code blocks (#18784) (Jay)
  • f3aeefb docs: rewrite using let and const in rule examples (#19320) (PoloSpark)
  • 0b680b3 docs: Update README (GitHub Actions Bot)
  • 98c86a9 docs: Edit this page button link to different branches (#19228) (Tanuj Kanti)
  • 6947901 docs: remove hardcoded edit link (#19323) (Milos Djermanovic)
  • 03f2f44 docs: rewrite var with const in rules examples (#19317) (Thiago)
  • 26c3003 docs: Clarify dangers of eslint:all (#19318) (Nicholas C. Zakas)
  • c038257 docs: add eqeqeq in related rules to no-eq-null (#19310) (루밀LuMir)
  • 89c8fc5 docs: rewrite examples with var using let and const (#19315) (Amaresh S M)
  • db574c4 docs: add missing backticks to no-void (#19313) (루밀LuMir)
  • 8d943c3 docs: add missing backticks to default-case-last (#19311) (루밀LuMir)
  • 36ef8bb docs: rewrite examples with var using let and const (#19298) (Amaresh S M)
  • 1610c9e docs: add missing backticks to no-else-return (#19309) (루밀LuMir)
  • df409d8 docs: Update README (GitHub Actions Bot)
  • 2e84213 docs: Fix Horizontal Scroll Overflow in Rule Description on Mobile View (#19304) (Amaresh S M)
  • 6e7361b docs: replace var with let and const in rule example (#19302) (Tanuj Kanti)
  • 069af5e docs: rewrite var using const in rule examples (#19303) (Kim GyeonWon)
  • 064e35d docs: remove 'I hope to' comments from scope-manager-interface (#19300) (Josh Goldberg ✨)
  • 8e00305 docs: replace var with const in rule examples (#19299) (Tanuj Kanti)
  • a559009 docs: Add warning about extending core rules (#19295) (Nicholas C. Zakas)
  • 0bfdf6c docs: Update README (GitHub Actions Bot)
  • ce0b9ff docs: add navigation link for code explorer (#19285) (Tanuj Kanti)
  • e255cc9 docs: add bluesky icon to footer (#19290) (Tanuj Kanti)
  • 5d64851 docs: remove outdated info about environments (#19296) (Francesco Trotta)
  • eec01f0 docs: switch rule examples config format to languageOptions (#19277) (Milos Djermanovic)
  • b36ca0a docs: Fixing Focus Order by Rearranging Element Sequence (#19241) (Amaresh S M)
  • d122c8a docs: add missing backticks to sort-imports (#19282) (루밀LuMir)
  • 0367a70 docs: update custom parser docs (#19288) (Francesco Trotta)
  • 8c07ebb docs: add border-radius to hX:target selector styles (#19270) (루밀LuMir)
  • eff7c57 docs: add limitation section in no-loop-func (#19287) (Tanuj Kanti)
  • 5db226f docs: add missing backticks in various parts of the documentation (#19269) (루밀LuMir)
  • 789edbb docs: Update README (GitHub Actions Bot)
  • 613c06a docs: mark rules that are frozen with ❄️ (#19231) (Amaresh S M)
  • 43172ec docs: Update README (GitHub Actions Bot)
  • ac8b3c4 docs: fix description of overrideConfigFile option (#19262) (Milos Djermanovic)
  • bbb9b46 docs: Update README (GitHub Actions Bot)
  • 995b492 docs: fix inconsistent divider in rule categories box (#19249) (Tanuj Kanti)
  • f76d05d docs: Refactor search result handling with better event listener cleanup (#19252) (Amaresh S M)
  • c5f3d7d docs: Update README (GitHub Actions Bot)

  Chores

  • c52be85 chore: upgrade to @ eslint/[email protected] (#19330) (Francesco Trotta)
  • 362099c chore: package.json update for @ eslint/js release (Jenkins)
  • 495aa49 chore: extract package name from package.json for public interface (#19314) (루밀LuMir)
  • 6fe0e72 chore: update dependency @ eslint/json to ^0.9.0 (#19263) (renovate[bot])
• 9.17.0 - 2024-12-13
  

  Features

  • eed91d1 feat: add suggestions to no-unused-vars (#18352) (Tanuj Kanti)

  Bug Fixes

  • 67d683d fix: fix crash when message.fix is nullish (#19168) (ntnyq)
  • c618707 fix: ignore vars with non-identifier references in no-useless-assignment (#19200) (YeonJuan)

  Documentation

  • 3c22d2a docs: update yoda to Yoda in yoda.md for consistency (#19230) (루밀LuMir)
  • e0a2203 docs: add missing backticks to no-sequences (#19233) (루밀LuMir)
  • 4cc4881 docs: Update README (GitHub Actions Bot)
  • 3db6fdf docs: [no-await-in-loop] expand on benefits and inapplicability (#19211) (Kirk Waiblinger)
  • bf2a4f6 docs: add missing backticks to func-style (#19227) (루밀LuMir)
  • ba098bd docs: add missing header to prefer-spread (#19224) (루밀LuMir)
  • b607ae6 docs: update description of no-param-reassign (#19220) (루밀LuMir)
  • 1eb424d docs: add missing backticks to prefer-destructuring (#19223) (루밀LuMir)
  • 85998d1 docs: add missing backticks to no-unneeded-ternary (#19222) (루밀LuMir)
  • b75b32c docs: add missing backticks to no-new-func (#19219) (루밀LuMir)
  • a7700bc docs: add missing backticks to id-length (#19217) (루밀LuMir)
  • e2bb429 docs: add missing backticks to complexity.md (#19214) (루밀LuMir)
  • 045d716 docs: add missing ) to id-denylist (#19213) (루밀LuMir)
  • 7fe4114 docs: Update README (GitHub Actions Bot)
  • c743ba6 docs: add CSS language to no-restricted-syntax (#19208) (Milos Djermanovic)
  • 1416d70 docs: add missing backticks to eqeqeq (#19207) (루밀LuMir)
  • b950c1b docs: add missing backticks to prefer-object-spread (#19206) (루밀LuMir)
  • 8a941cb docs: update docs and description of require-unicode-regexp (#19205) (루밀LuMir)
  • cbab228 docs: Update README (GitHub Actions Bot)
  • f2257ce docs: update comments and description of no-script-url (#19203) (루밀LuMir)
  • 365f0f4 docs: add missing backtick to default-case-last (#19202) (루밀LuMir)
  • e6b84f5 docs: add missing punctuation in document (#19161) (루밀LuMir)
  • c88708e docs: replace quote with backtick in description of for-direction (#19199) (루밀LuMir)
  • a76f233 docs: use higher contrast color tokens for code comments (#19187) (Josh Goldberg ✨)
  • db19502 docs: Update README (GitHub Actions Bot)

  Chores

  • cc243c9 chore: upgrade to @ eslint/[email protected] (#19242) (Francesco Trotta)
  • 84c5787 chore: package.json update for @ eslint/js release (Jenkins)
  • 4c4f53b chore: add missing backticks to flags.js (#19226) (루밀LuMir)
  • 4b3132c chore: update dependency eslint-plugin-expect-type to ^0.6.0 (#19221) (renovate[bot])
  • 9bf2204 chore: add type definitions for the eslint-config-eslint package (#19050) (Arya Emami)
  • ee8c220 chore: fix incorrect name property in integration-tutorial-code (#19218) (루밀LuMir)
  • cca801d chore: Upgrade cross-spawn to 7.0.6 (#19185) (folortin)

from @eslint/js GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/[email protected]	Transitive: environment	+21	8.43 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@babel/[email protected]	Transitive: environment, unsafe	+92	9.05 MB	existentialism, hzoo, jlhwung, ...1 more
npm/@eslint/[email protected]	None	0	60 kB	eslintbot
npm/@eslint/[email protected]	None	0	14.9 kB	eslintbot
npm/@eslint/[email protected]	None	+1	301 kB	eslintbot
npm/@trunkio/[email protected]	None	0	58 kB	lauritrunk
npm/@types/[email protected]	None	0	2.22 MB	types
npm/@typescript-eslint/[email protected]	None	+4	1.43 MB	bradzacher, jameshenry
npm/@wdio/[email protected]	Transitive: environment, filesystem, network, shell	+59	205 MB	wdio-user
npm/@wdio/[email protected]	environment Transitive: eval, filesystem, network, shell	+20	5.37 MB	wdio-user
npm/@wdio/[email protected]	Transitive: environment	+4	880 kB	wdio-user
npm/@wdio/[email protected]	Transitive: environment, filesystem, network, shell	+12	4.3 MB	wdio-user
npm/[email protected]	filesystem	0	43.7 kB	nicolo-ribaudo
npm/[email protected]	filesystem, unsafe	+2	333 kB	oss-bot
npm/[email protected]	None	+3	789 kB	chaijs
npm/[email protected] 🔁 npm/[email protected]	None	+7	243 kB	mattmueller
npm/[email protected] 🔁 npm/[email protected]	None	0	1.26 MB	zloirock
npm/[email protected]	filesystem	0	172 kB	eslint-community-bot

🚮 Removed packages: npm/@11ty/[email protected], npm/@11ty/[email protected], npm/@11ty/[email protected], npm/@11ty/[email protected], npm/@11ty/[email protected], npm/@11ty/[email protected], npm/@munter/[email protected], npm/@types/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	CI
Deprecated	npm/[email protected]	Reason: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.	⚠︎
Protestware or potentially unwanted behavior	npm/[email protected]	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale	⚠︎
Protestware or potentially unwanted behavior	npm/[email protected]	Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.	⚠︎

View full report↗︎

Next steps

What is a deprecated package?

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution.

What is protestware?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]

[github-actions]

Hi everyone, it looks like we lost track of this pull request. Please review and see what the next steps are. This pull request will auto-close in 7 days without an update.